CVE-2020-8203: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
References
- github.com/advisories/GHSA-p6mc-m468-83gw
- github.com/lodash/lodash/commit/c84fe82760fb2d3e03a63379b297a1cc1a2fce12
- github.com/lodash/lodash/issues/4744
- github.com/lodash/lodash/issues/4874
- hackerone.com/reports/712065
- nvd.nist.gov/vuln/detail/CVE-2020-8203
- security.netapp.com/advisory/ntap-20200724-0006/
- www.npmjs.com/advisories/1523
- www.oracle.com//security-alerts/cpujul2021.html
- www.oracle.com/security-alerts/cpuApr2021.html
- www.oracle.com/security-alerts/cpujan2022.html
- www.oracle.com/security-alerts/cpuoct2021.html
Detect and mitigate CVE-2020-8203 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.